From: "Stephen Carville" <[EMAIL PROTECTED]>
> On Mon, 6 Aug 2001, Alejandro Gonz�lez Hern�ndez - Imoq wrote:
>
> - Hi!
> -
> - I seem to be getting a kind of web exploit in my server. I have noticed
> - this in error_log since two days ago (I'll past just a little bit of the
> - file, of course):
>
> Code Red Worm. It is an IIS exploit that is looking for more sites to
> subvert.
>
> I am sorely tempted to throw together a Perl script to extract the
> addresses, get the MX record for the domain and send of an email to
> usual names asking them fix their f**king servers. Won't do any good
> of course.
Stephen, sending email to the wrong place will never do any good. It is a
really twittish response. At the very least access the website thus revealed.
You'll find that most of them are home machines that do not even have IIS
fully installed enough to display the canned example web site. Until all
or almost all machines are cleaned up the problem will not go away. (And
backdoors will exist on a simply amazing number of machines.)
{^_^}
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
